The only way I know of to forcibly close a connected TCP connection is to use ndd with the "tcp_discon" or "tcp_discon_by_addr" parameters.
To use this syntax you need the pointer to the TCP instance data, which you can retrieve by calling ndd with the "tcp_status" parameter.
For example:
# ndd -get /dev/tcp tcp_status
TCP dst snxt suna swnd cwnd rnxt rack rwnd
rto mss [lport,fport] state
0000000042d958a8 015.023.137.245 30310eb5 30310eb5 00008000 001203e0 2613803d 2613803d 000080
00 00500 04096 [c07b,1770] TCP_ESTABLISHED
You need to correctly identify the connection you're interested from the returned list, which is usually done by finding the correct local and remote IP address/port combinations and the state of the connection.
The first field in the returned list is the TCP instance number, so if you wanted to remove the connection shown in the example above you would use the tcp_discon syntax as follows:
# ndd -set /dev/tcp tcp_discon 0x0000000042d958a8
The tcp_discon parameter is not a supported parameter, so you need to use caution when using this syntax.
I hope this helps.
Regards,
Dave
I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Hi again,
I found the following document that explains the need for using EXTREME caution when using ndd to shutdown socket connections. I thought I would include it here for your benefit and the benefit of other ITRC forum readers.
------------------------------------------
Use EXTREME caution in using ndd to shutdown socket connections
QUESTION
A powerful function of ndd in 11.x is the ability to "disconnect" a TCP connection and/or "clean-up" a TCP socket. This is done with one of the following ndd "tunables":
tcp_discon - Terminate a TCP connection
tcp_discon_by_addr - Terminate a TCP connection
tcp_fin_wait_2_timeout - Close idle fin waits
Please use and recommend these with GREAT CAUTION!
ANSWER
Typically these get used when someone is wanting to know "how do I clean up a socket?". There is always more to the story that needs to be learned before using ndd.
The reason for great concern is twofold. The first is that we need to address the "real" issue of why these socket connections are "hanging around" and not just cover it up by severing it. The real issue in these cases is almost always an application issue or a operational issue. It is rarely a network issue. The second reason is that use of the tcp_discn* options MAY cause data loss or corruption!
Looking at the most common socket "states":
ESTABLISHED:
If a socket is in an ESTABLISHED state, we clearly should not be blowing it away as there is still an application running that has the connection open. If this is the case, work on the application issue, and if needed, terminate the application, not the socket.
CLOSE_WAIT:
In this case there is still a local application that has the connection open and the same principal applies as does the "ESTABLISHED" case. Often the user will swear that the application has been terminated. I have yet to see a case where this is true. It is sometimes the case that the main program that created (or accept(2)ed) the socket has terminated but a child is still referencing the socket. In any case, the public domain lsof(1) command is your friend in determining which process(s) is still referencing the socket.
Once this is determined, the customer (or the application provider) will need to determine if the application is supposed to still have the socket open and, if not, what the application problem is. It may be the case that the application has yet to finish reading data from the socket. If you "terminate" the socket, the data is "terminated" as well. Not a good thing to do unless you know the application.
Do NOT rely on the output of netstat -an to see if there is unread data on the socket because 11.x will almost always report 0 bytes of data in the Recv-Q even when data is present.
FIN_WAIT* (FIN_WAIT_1/FIN_WAIT_2):
This state is actually the "other end" of a connection that is in CLOSE_WAIT (no they are not "the same"!) In the case of a FIN_WAIT* state, the local application has done a "final close(2)" on the local socket, that is, all processes that may have referenced the socket are now gone. In this case, the local TCP has send a TCP packet to the remote with the FIN flag send (often called a "FIN packet"). The remote may have acknowledged the FIN flag (FIN_WAIT_2) or not (FIN_WAIT_1). In either case, the other end has not yet indicated that it is "done" with the connection.
This is actually a very unique state(s), in that a socket may be in this state and will have no application referencing it. In this case, and this case alone, lsof will NOT show an application that has a file descriptor pointing to the socket. The local TCP is now just waiting for the other end of the connection to tell us it has read all the data and is done with the connection as well. It is never appropriate to shutdown such a connection without knowing what is going on with the other end of the connection. IF you know the situation at the other end of the connection (e.g. the remote system is shutdown), then you may use ndd if you have real need to.
There have been issues where the application on the other end of the connection took over 30 minutes to do what it needed to do and close the other end of the connection. In one particular case where this was true, the local socket (FIN_WAIT_2) was "shut down" after 10 minutes and the remote aborted. The job had been running for almost a week on 10 interconnected hp9000s; the whole job had to be restarted from scratch.
This brings up the point of, why do you "need" to "shutdown" the socket?
Usually this is for one of two reasons. A real problem is when trying to start or restart an application (typically a server process) we get an error from the bind(2) system call indicating that the address is "in use". This usually indicates that we are trying to bind a TCP port number to the socket that is already being used.
This may be a time when you will need to use ndd to "shutdown" a socket that is in FIN_WAIT*. HOWEVER... it also indicates that the server process is not really written in the manner it "should be". A server that binds a specific port number to a socket (most do) should also be using "setsockopt(s, SO_REUSEADDR)" to let the port number be "reused". This is the way most well written server apps work and then it does not matter if there is an "old" socket still around in a state such a FIN_WAIT*. The server will still be able to (re)start.
So please DO take careful note of what ndd (and the lab) says about the tcp_discon* variables:
>> UNSUPPORTED ndd tunable parameters on HP-UX:
>> -------------------------------------------
>> This set of parameters are not supported by HP and modification of
>> these tunable parameters are not suggested nor recommended.
I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]